[dennisgorelik]

"Scammed" is exactly the right word here.

When CAPTCHA is just simulated on the client, then it's clear indication of malicious intent (of getting paid for faking real job).

That said, CAPTCHA should not be used at all. But torturing users with CAPTCHA while allowing bypass access to bots is more advanced level of evil.

[sdkmvx]

'Scammed' is not the right word. Ever heard the aphorism "never attribute to malice what can be attributed to incompetence"? Manager types (and unfortunately probably quite a few programmers) have no idea what CAPTCHAs do, and I would bet money that somewhere, somebody has vetoed a server CAPTCHA in favor of a client CAPTCHA because it sounded easier or something. I'm not saying that's what happened here, but don't say it was obviously malice when you just don't know.

[dennisgorelik]

Scam does not imply malice.

Usually scammers treat their victims as customers and wish them well.

In this particular example it was combination of technical incompetence [not being able to deliver proper CAPTCHA] with scam [of getting paid for project that did not deliver on promise].

[ignifero]

Ehm, a scam with good intentions? Come on, are you a Nigerian prince?

[dennisgorelik]

Scammers are like parasites. They take from their victims, but aside from that they want their victims to be well.